Students at some universities, colleges and K-12 school districts across California — and the nation — are unable to access Canvas, the online learning management platform used for class assignments, tests and more, amid an apparent large-scale data breach of the platform.
Instructure, the company that manages Canvas, initially reported a cybersecurity incident involving a “criminal threat actor” on April 29. While the company has since taken steps to secure its systems, colleges using Canvas across the nation began reporting that the platform was inaccessible on Thursday, May 7.
The California State University system, which serves more than 470,000 students at 23 campuses across the state, said on Thursday that Canvas was down for all of its users at all campuses and at the CSU Chancellor’s Office, which is headquartered in Long Beach.
“Instructure is working diligently to gather more information and get systems restored,” the CSU wrote on its website. “This situation is fluid, and we are working with Instructure to determine the full scope of impact and will provide updates as soon as they are available.”
Instructure, in an incident report log posted on May 6, said that some information potential at risk on account of the security breach includes identifying information including names, email addresses, student ID numbers and messages between Canvas users.
“At this time, we have found no evidence that passwords, dates of birth, government identifiers or financial information were involved. If that changes, we will notify any impacted institutions,” the Instructure log said.
Some social media users posted online Thursday, May 7, reporting that their access to Canvas had been blocked — and instead, they were shown messages from the apparent perpetrator of the attack, a group that identified itself as “Shiny Hunters.”
The message claims that Shiny Hunters will release the data it obtained from affected schools on May 12, 2026, unless Instructure or any of the impacted schools “consult with a cyber advisory firm” and contact Shiny Hunters “privately” to “negotiate a settlement.”
None of the impacted colleges or universities, nor Instructure, have confirmed the identity of the perpetrator of the attack as of around 4 p.m. on Thursday, May 7.
All 116 colleges governed by California Community Colleges — including Long Beach City College, Coast Community College District’s Orange Coast, Goldenwest and Coastline Colleges — have been impacted, according to California Community Colleges officials.
The platform has been taken offline for all California Community College users, according to CCC’s strategic technology initiatives executive in residents Jory Hadsell.
“Our top priority is to protect our students, faculty, and staff while ensuring continuity of instruction. Colleges are deploying alternative communication channels and instructional approaches to keep students supported and on track,” Hadsell said on Thursday. “We are working in close coordination with Instructure as they investigate the incident, secure the system, and restore services.”
California Community Colleges also says that some of their Canvas users have reported receiving emails from the hacker group, and advising anyone who has received the email to ignore it.
“The email claims hackers have been monitoring the user’s activity on web browsers and seeks payment in Bitcoin within 48 hours to have any compromising information deleted,” the CCC said on its website. “This is a scam and anyone receiving such a message should delete it immediately. Do not click on any links, open any attachments, download files, or respond.”
Officials from the Rancho Santiago Canyon Community College District advised its Canvas users to reset their passwords if they accessed the platform anytime after 12 p.m. on Thursday, “out of an abundance of caution.”
University of California campuses also appear to be impacted by the cybersecurity incident.
Maryam Qazi, a UC Irvine student studying art history, was in an afternoon class when her professor alerted her to an “issue” with Canvas.
“I tried to open Canvas, but it’s just inaccessible, you just can’t open it,” Qazi said. “The whole campus is going through it. Everyone is talking about it.”
Canvas, Qazi said, is the “crux” of how UCI students get their work done. A portal for submitting assignments, adding discussion posts, taking tests and quizzes and even viewing grades, professor feedback and course syllabi — ”all of that is so specific to Canvas,” Qazi said.
And for UCI students, who operate under the quarter system, “we are just finishing up midterm week, so there’s still stuff needing to be done,” she added.
“I have another paper due this Saturday,” she said, “so even if it’s down for another 24 hours, we are going to have a bunch of problems.”
At Cal Poly Pomona, director of media relations Cynthia Peters directed students and staff who were worried about being unable to access their course materials as a result of the incident to a Reddit post uploaded by the school’s Bookstore faculty on Thursday.
“I know everyone is stressed out about the outage and needing to study,” school faculty said in the social media post.
The post directed students to information from VitalSource, adding that the situation is being closely monitored and options are being explored to keep student access to courseware.
“We have also reached out directly to our largest courseware providers for instructions/workarounds,” the post added. “As of now, Pearson and Cengage have both confirmed that students can navigate directly to their sites and log in to their courses and homework.”
UC San Diego also issued a statement to its community Thursday, saying that the cyberattack is impacting users “globally,” and advising users to avoid attempting to access Canvas in any way.
“We recognize that this disruption will affect academic programs. Students should wait for instructions from their instructors on temporary measures for submitting course assignments and accessing materials until this situation can be resolved,” the UCSD statement said. “Updates will be provided to the campus as more information becomes available.”
Long Beach Unified School District, in a statement posted to its website on Thursday, said that it is aware of the cybersecurity incident and has restricted access to Canvas for its students as a result.
“We are closely monitoring this situation and will provide additional information as available,” LBUSD officials said.
The Los Angeles Unified School District, alongside the Torrance Unified School District, both said in Thursday statements that they do not use Canvas — and are unaffected by the security incident as a result.
The Santa Ana Unified School District, which educates some 35,000 students across 52 campuses, was impacted, though. Canvas is one of several online educational program used, district spokesperson Fermin Leal said Thursday.
“It depends on the grade and subject how it is used and the teacher how much their lessons are on Canvas,” Leal said. “We have other platforms. This is just one of them.”
If the outage continues Friday, he said a district team would work with teachers on how lessons that might have used Canvas could still be presented.
Leal also noted that while no essential student records are stored on the platform, logins and passwords could be impacted.
The CSU and California Community Colleges, meanwhile, have established websites to provide updates on the incident.
They can be accessed at lts.calstate.edu/csu-canvas-incident-reports and cccsecuritycenter.org/updates/canvas.php.
This is a breaking story. Check back for updates.
Staff writers Mona Darwish, Teresa Liu and Madeline Armstrong, Madison Hart, and editor Heather McRea contributed to this report.